ACL's and Wildcard Masking

rcs2749

Technical User
Jul 18, 2001
24
US
Ok guys, I have a quick question about ACLs and wildcard masks.
I know a wildcard mask can mask a subnet and/or subnet ranges, but can it also mask a range of IPs within a particular subnet?

For example:
192.168.1.96/27 network
Usable IP range: 192.168.1.97 -- 192.168.1.126
What would the wildcard mask be if I want to apply an ACL to just IPs 192.168.1.111--192.168.1.126? Is this even possible?

Thanks
 
Out on a limb but I'll take a shot:
I think you are making it too hard based on the netmask....
I believe it would still be 0.0.0.5, or at least the same idea.
 
Well, I just thought of something: if I have 2 sets of computers on the same subnet they are not gonna go to the default gateway, so an ACL would be useless.
 
I think you would require five statements:

deny 192.168.1.111 0.0.0.0
deny 192.168.1.112 0.0.0.7 (covers range from .112 to .119)
deny 192.168.1.120 0.0.0.3 (covers range from .120 to .123)
deny 192.168.1.124 0.0.0.1 (covers range from .124 to .125)
deny 192.168.1.126 0.0.0.0

If you could give up .127, you could replace the last four statements with:

deny 192.168.1.112 0.0.0.15

If you could give up from .96 to .127, you could replace the whole shootin match with:

deny 192.168.1.96 0.0.0.31
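
The decomposition in the last reply, as an added example that is not part of the original thread: this Python sketch splits any inclusive IPv4 range into the fewest aligned power-of-two blocks, which is the only shape a contiguous wildcard mask can describe, and checks the result with the wildcard-match rule. The function names are illustrative.

```python
import ipaddress

def range_to_wildcard_entries(first, last):
    """Split an inclusive IPv4 range into the fewest (address, wildcard) pairs."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("first address must not be above last address")
    entries = []
    while lo <= hi:
        # Largest block that can start at lo is set by lo's lowest set bit
        # (its alignment); address 0 is aligned to the whole address space.
        size = lo & -lo if lo else 1 << 32
        # Shrink the block until it no longer runs past the end of the range.
        while size > hi - lo + 1:
            size >>= 1
        # A block of `size` addresses has wildcard mask size - 1.
        entries.append((str(ipaddress.IPv4Address(lo)),
                        str(ipaddress.IPv4Address(size - 1))))
        lo += size
    return entries

def wildcard_matches(addr, base, wildcard):
    """True if addr matches base; 1 bits in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def covered_hosts(entries, subnet):
    """Addresses in subnet that at least one (base, wildcard) entry matches."""
    net = ipaddress.ip_network(subnet)
    return [str(ip) for ip in net
            if any(wildcard_matches(str(ip), b, w) for b, w in entries)]

if __name__ == "__main__":
    # The range asked about in the thread.
    for base, wc in range_to_wildcard_entries("192.168.1.111", "192.168.1.126"):
        print(f"deny {base} {wc}")
```

Running `covered_hosts` over the /27 before applying a list confirms that the entries match exactly the intended addresses and nothing else in the subnet.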



 